
SpyEye

Today, Russian national Aleksandr Andreevich Panin pled guilty in an Atlanta federal
courtroom to a conspiracy charge associated with his role as the primary developer and
distributor of malware, called SpyEye, created specifically to facilitate online theft
from financial institutions, many of them in the U.S.
SpyEye infected more than 1.4 million computers, many located in the U.S., obtaining
victims' financial and personally identifiable information stored on those computers and
using it to transfer money out of victims' bank accounts and into accounts controlled by
criminals.
Ultimately, though, Panin sold his malware online to the wrong customer: an undercover
FBI employee. And after an investigation involving international law enforcement
partners as well as private sector partners, a dangerous cyber threat was neutralized.
How the conspiracy operated. From 2009 to 2011, Panin conspired with others,
including co-defendant Hamza Bendelladj (charged and extradited to the U.S. last year),
to advertise and develop various versions of SpyEye in online criminal forums. One ad
described the malware as a "bank Trojan with form grabbing possibility," meaning it was
designed to steal bank information from a web browser while a user was conducting
online banking. Another ad said that the malware included a "cc grabber," which scans
stolen victim data for credit card information.
Panin sold the SpyEye malware to more than 150 clients who paid anywhere from
$1,000 to $8,500 for various versions of it. Once in their hands, these cyber criminals
used the malware for their own nefarious purposes, infecting victim computers and
creating botnets (armies of hijacked computers) that collected large amounts of financial
and personal information and sent it back to servers under the control of the criminals.
They were then able to hack into bank accounts, withdraw stolen funds, create bogus
credit cards, etc.
In February 2011, a search warrant allowed the FBI to seize a key SpyEye server
located in Georgia. It was several months after that when the FBI bought SpyEye online
from Panin, which turned out to be very incriminating because that particular version
contained the full suite of features designed to steal confidential financial information,
make fraudulent online banking transactions, install keystroke loggers, and initiate
distributed denial of service (DDoS) attacks from computers infected with malware.
Panin was arrested in July 2013 while he was flying through Hartsfield-Jackson Atlanta
International Airport.

The investigation into the SpyEye malware is just one initiative worked under
Operation Clean Slate, a broad public/private effort recently undertaken to eliminate the
most significant botnets affecting U.S. interests by targeting the criminal coders who
create them and other key individuals who provide their criminal services to anyone
who'll pay for them. Much like the FBI's other investigative priorities where we focus on
taking down the leaders of a criminal enterprise or terrorist organization, under Clean
Slate we're going after the major cyber players who make botnets possible.
And FBI Executive Assistant Director Rick McFeely warns potential hackers: "The next
person you peddle your malware to could be an FBI undercover employee...so regardless
of where you live, we will use all the tools in our toolbox, including undercover
operations and extraditions, to hold cyber criminals accountable for profiting illicitly
from U.S. computer users."

https://www.fbi.gov/news/stories/2014/january/spyeye-malware-mastermind-pleadsguilty/spyeye-malware-mastermind-pleads-guilty
https://www.damballa.com/first-zeus-now-spyeye-look-the-source-code-now/
